Password Sharing

Yes, we should guard our passwords like gold bars in Fort Knox. But at the same time, it’s prudent for individuals to ensure trusted people have access to their accounts. We discussed it before, but it’s worth doing it again, especially when it can prevent more heartache with the death of a loved one or a catastrophic event.

Password problems crop up all the time for both commercial and individual clients. They can be annoying, especially when spouses or kids constantly forget passwords, sending you on a hunt. They can be disruptive, especially when an employee leaves and you need to change passwords for accounts they used for your business. They can be downright heart-rending, especially when you need to handle the affairs of family members or friends who have become incapacitated or have passed away.

That last group of problems takes on particular urgency because you’re out there alone. There’s nobody to help you know what to look for and where to find it – especially while you’re working in a highly emotional atmosphere.

All these problems are avoidable, with or without technological solutions.

Unfortunately, we learned about the non-tech side of it when our friend committed suicide. In his deep depression, he knew his family would be devastated. Yet he had the presence to leave detailed information about what his survivors would need to close his affairs and carry on with their lives. It probably made things easier, though nobody involved could know how much while dealing with their grief.

Because we depend on website access to manage just about every aspect of our personal and professional lives, a trusted person or small group of people must have complete information for all usernames and passwords. The info can be on a list that’s printed out or written in a notebook and stored in a safe place. Most of you probably have a fireproof storage box or a safe for important documents such as birth certificates or passports anyway. There’s nothing wrong with hard copies.

However, we can’t emphasize strongly enough that you can set up a password manager with a family-and-friends feature that solves just about all password and web-based account access problems. You only need to remember one strong master password to access all your websites. We like Dashlane for its reliability and ease of use, but it’s not the only one. And regardless of whether it’s for personal/family use or business, certain principles still apply.

Here’s what to look for:

  1. The ability to work across multiple devices and platforms. Everyone depends on being able to use computers, phones, tablets, and even smart watches seamlessly. Many people use Windows, Apple, and Android systems individually and in corporate networks. Your password manager must be able to work on all devices and platforms.
  2. Facial recognition. We believe this is the most efficient biometric for speed and security, especially when you’re on the go and using a mobile device. In some cases, you don’t even need your master password. That’s a great convenience.
  3. The ability to share passwords with a family-and-friends capability or a corporate plan. Whether it’s another annoying request from a family member or a critical request from a business associate who needs instant access, you can find the password they need and give it to them. It can also make it much easier to oversee the affairs of loved ones when necessary.

We look forward to the day when biometrics or some other technology will eliminate the need for passwords. When that day comes, all of our information will be more secure, and easier to access our websites and online accounts. Until that day comes, a password manager is your best bet to handle everyday online life and emergencies.

We can help you select the password manager that best meets your needs, and we can help you configure an individual plan or a multi-user plan. Call us – 973-433-6676 – or email us to discuss your needs or for configuration help.

Cookies, Passwords, and Computerless Invasions

We disdain cookies and passwords so much that we expose our sensitive data to hackers who never need to invade our computers, phones, or tablets to get it. There’s so much information about each of us out in there, yet we use skeleton keys instead of padlocks to protect what we can.

You can adjust your cookie settings to limit tracking cookies, but website operators make it cumbersome – because they want advertisers and merchants to pay them for ways to track you across the internet and sell you stuff. Cookies get a lot of notoriety because of that, but they also serve useful purposes. They enable a site to direct you properly to the areas you need to go to and display appropriately for your browser and device.

Tracking cookies are another matter. They can tell anyone who plants a tracking cookie on your device where you go, and that’s creepy on the one hand and dangerous on the other.

I generally ignore all those cookie messages or just accept all cookies. I feel that many trackers already have information on me, and I am confident I’m savvy enough to avoid online traps. You should be, too, if you follow us regularly. The ads and even the phishing expeditions are a royal annoyance, but you’re safe if you’re smart.

Tracking cookies get dangerous when they converge with weak passwords. This affects business and personal internet use, and here’s how cybercriminals get you.

Once cyberstalkers know where you go, they can make some guesses about your username, which usually has an element of your name or your entire email address, and they have software to try to crack passwords. If you have a weak password – such as the first initial, last name, and 123 that a friend who got hacked used – they’ll crack it. And if you use it at multiple sites, they’ll get into every one of them. And they never had to get into your computer to get into your accounts. The clues were out there to find your bank account or credit card number to clean you out or go on a shopping spree.

The problem, of course, is with a weak password and the lack of a password manager. As an aside, if you are hacked, we use your cookies to see where you’ve been and see if something there has led to someone getting your info and maybe your money.

Finding a strong, unique password or several really strong passwords that you can easily remember is not that hard. What’s an odd association with your name or something you see when you look out the window? What’s a number that’s not tied to your birthday, phone number, or something else that could be part of your public record? What’s a random word that relates to nothing? Where can you substitute a number or special character for a letter? Following that process, any combination of 12 to 16 characters should give you a strong password.

If you combine a strong password with a password manager, you can let the password manager generate random strings of letters, numbers, and characters that become strong passwords. And if your password manager and the websites you visit have facial recognition capability, it’s simpler, stronger, and even faster.

We can help you configure a password manager for individuals or groups, and we can help with improving your password security. Call us – 973-433-6676 – or email us to discuss your needs and develop a plan.

A Guy Gets in a Tesla in Ukraine…

A Tesla driver in Ukraine got a “free ride” on Spotify, courtesy of a US Tesla owner whose car was totaled. It was one of the many ways electronic hitchhikers can access your data on so many different kinds of things. This is just the latest story of how our data lives on – and on – when we no longer own (or lease) a car with an infotainment system or Bluetooth, a copier, or a mobile device.

How did a Tesla owner in Ukraine happen to have access to a Spotify account? It happened like this.

An executive news editor at a major TV outlet recently tweeted (or X’d) that a Tesla he had totaled last year was now in southern Ukraine, and the new owner was listening to Drake on his Spotify account. Reporters tracked down what happened to their editor’s car. An online auction site scooped up the Tesla after it was totaled and listed for sale. Someone in Ukraine appears to have won the bid, and the car was shipped from New Jersey to Europe, where its new owner was able to access the editor’s personal Spotify playlists.

The editor contacted Tesla to see how he could log out of his former car, and the company instructed him to disconnect the vehicle from his account. But several steps, such as entering new owner information, were impossible. Experts in data security told reporters that simply disconnecting an account from the car does not prevent your data from being extracted. They said Tesla should have had a feature to “wipe all my info from this car” long ago.

This is far from a Tesla-specific issue. Cars, laptops, smartphones, TVs, and even refrigerators are now internet-connected devices that can store personal data.

In the office, networked copiers are used as printers and scanners and save everything that passes through them. The equipment manufacturers build this in because leases can be based on the number of pages a unit scans, copies or prints. Today’s units also have long service lives after a lease expires. So when you turn back a copier to lease a newer model, the copier company puts it back on the market. Unless you’ve taken specific steps to wipe the data clean, every document run through the copier goes on the market, too.

We must confess we don’t have access to the menus for the service functions that can wipe the data from a unit, and we haven’t found a way into them – yet. So your best resort is to contact your copier company and make sure all your personal data is wiped clean before the machine leaves your premises.

It may take a little searching through the menus for other devices, but you should be able to find the magic button that returns each of them to factory default settings. iPhones are top of mind for this now because the iPhone 15 is hitting the market later this month, and that – along with new phones from other manufacturers – triggers a spree of trade-ins to bring down the price of a new phone. You might also plan to get new computers for your office or your children for the new school year. The same principle applies. Wipe every device clean of all your data.

Along the same lines, wipe them clean if you’re renting a car and using your data on the Bluetooth and infotainment system, including iOS and Android systems that run through the radio. And make sure you log out of your TV subscriptions before checking out of your hotel room or rental home.

If you’re not sure how to wipe a device clean or log out of a subscription, call us – 973-433-6676 – or email us to walk you through the process. We recommend you do this well before you turn in your car or room key so we’re available to help. In the age of internet-connected vehicles and devices, you never know who’s going to get one of them next.

Steps to Take – Mitigate Fallout from Russian Hacking Incident

If you haven’t seen or heard the news, a Russian group has hacked user names and passwords for some 1.2 Billion accounts worldwide.

We urge you to run a virus scan and malware scan as quickly as possible on all of your computers to determine if your system has been infected. This post from The New York Times, which first reported the incident, covers some basic steps you can take. We’ve discussed them before, and they are now very much worth repeating. If you want to learn more, you can read reports from PC Magazine and The New York Times.

 

As always, if you have any questions or concerns, contact us immediately by phone (973-433-6676) or email.